performing-red-team-with-covenant

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill requires obtaining and using a Covenant JWT/API token and would typically place that token verbatim into API calls or generated commands (e.g., Authorization headers), which creates an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This repository automates and orchestrates a Covenant C2 server to create listeners, generate launchers, deploy and control agents, and run remote tasks (including credential-stealing tasks like Mimikatz and file download/upload), which directly enables remote code execution, credential theft, and data exfiltration—capabilities that are inherently high-risk and can be used as backdoors for unauthorized compromise.